From last week’s cybersecurity news: The breach of the US federal judiciary’s electronic case filing system discovered on July 4 is still a problem, and a mysterious one. Though initial reports blamed Russia, it’s still not entirely clear who is behind the hack or what exactly happened.
We do know that the attackers exploited software vulnerabilities that had also been exploited in 2020, that some courts are now using paper backups for filing, and that sealed court records have been exposed, which may include confidential informants and witnesses across multiple US states.
This joins a bevy of successful attacks on government systems in recent years—including the US Treasury hack (disclosed in late 2024) and the Salt Typhoon hack of at least nine US telecom firms from earlier in 2024—and demonstrates the scale, organization, and persistence of attackers.
As the chief analyst of Google’s Threat Intelligence Group, John Hultquist, told Wired’s Lily Hay Newman, it’s not unusual to see multiple entities from varying nations (including domestic criminal organizations) poking at the same vulnerabilities, working together or taking advantage of another’s breach for their own exfiltration.
Cybersecurity threats of varying kinds often come from diffuse teams that band together to share information and services, from ransomware-as-a-service (RaaS) and phishing-as-a-service (PhaaS) to malware and even DDoS offered for hire. Data is auctioned on the dark web or by brokers, and law enforcement actions like 2024’s Operation Cronos have revealed how such enterprises recruit and onboard their own affiliates, as well as how they assist and collaborate with other cyber criminals.
With attacks coming from across the globe and leveraging shared resources, it’s all but impossible for organizations to manage cyber defense entirely on their own, let alone in departmental silos. This week’s PTP Report looks at the why and how of collaboration in cybersecurity—both internal and across organizations.
Cyber Threats Thrive on Ignorance
It probably goes without saying that it’s far easier to protect against the threats you know of than hypothetical and speculative risks.
With ransomware services now using multi-level extortion and adding encryption to data theft and social engineering (like Scattered Spider’s fake IT calls), attacks are increasingly sophisticated.
Yet the fear of blame or damage to brand can lead individuals, teams, and even whole organizations to delay disclosing suspicious activities or mistakes. And when they do disclose, damage control or competitive pressures can restrict the sharing of vital information or the extent of communication with third parties, allowing cybercriminals to thrive from the chaos.
Per Verizon’s Data Breach Investigations Report (DBIR) for 2025, ransomware attacks continue to climb, and now disproportionately target smaller organizations.
But Trend Micro’s investigation of Operation Cronos materials supported the view that paying ransoms is usually not the best course of action for companies, as it was proven that stolen data was not deleted after receipt of payment (despite assurances to the contrary).
Shared insights like these have helped drive down the number of companies now paying ransoms, with 64% refusing to do so last year (from 50% in 2023), per DBIR data.
Ransomware is still rampant—present in 44% of breaches, a 37% jump from last year—and third-party risk has also exploded, with 30% of breaches involving a vendor or partner.
The Benefits from Collective Defense in Cybersecurity
Chris Gibson used to lead global forensics for Citibank’s Computer Emergency Response Team (CERT) before spending a decade in the leadership of the Forum of Incident Response and Security Teams (FIRST). Now its executive director, Gibson is an outspoken advocate on the need for collaboration in cybersecurity.
For Infosecurity Magazine, he wrote about the necessity for Incident Response Teams (IRT) to break down communication barriers with law enforcement, suggesting it may be one of the best ways to stop repeated attacks.
It also allows for the kinds of countermeasures that are necessary in an environment where attackers share resources on their side—analysis of broader trends and campaigns that extend beyond what your company alone can possibly know.
This level of sharing also accelerates remediations and improves defenses both now and into the future.
And by initiating communication now, companies can radically reduce the time-to-action required during events.
As Gibson told Cybernews in a July interview:
“Cybersecurity challenges are global, and no single organization, country, or region can solve them in isolation.”
The current landscape is too vast, too fast, and too adaptive.
The dangers of fragmentation in your defense are clear in Mandiant’s M-Trends report for 2025, which shows that once again exploited vulnerabilities posed the greatest risk for infection among their investigated incidents (most of them zero-days), though stolen credentials have been climbing as an infection vector due to the scale and frequency of data breaches.
Such vulnerabilities require collaboration to uncover and patch.
Improving Internal Cyber Defense Strategies
As Chris Gibson told Cybernews:
“Without a clear incident response strategy, businesses are essentially flying blind in a storm. It’s not a question of if a breach will happen, but when.
Delayed response times can amplify the impact of an attack: data loss, reputational harm, regulatory fines, and customer attrition.”
And collaboration begins within organizations themselves.
PTP’s Founder and CEO Nick Shah wrote in his newsletter on the importance of breaking down security silos, detailing the high number of incidents that begin with human error.
From his examination in late 2024:
- 95% of breaches include human error.
- 91% of organizations surveyed in the UK dealt with phishing and 80% impersonation.
- Former US Deputy National Security Advisor for Cyber and Emerging Tech Anne Neuberger estimated the annual average cost of cybercrime will reach $23 trillion worldwide by 2027.
GenAI is only making this form of attack faster and easier than ever before. Verizon’s DBIR found that—among surveyed malware emails—synthetically generated text has doubled since 2023.
And while members of an organization may view cybersecurity as being someone else’s job, the truth is that today it is a part of every job that makes use of digital resources.
It may ultimately be your company’s culture and training that determines how ready and able people from all departments are to be part of shared defense.
Leveraging internal collaboration begins with increasing awareness of terms and risks, including the role human error and judgment play in the frequency and severity of cybersecurity incidents.
Having incident response best practices at hand and having executed them (ideally through unannounced, simulated attacks), with points of contact at the ready, can be a lifesaver for a company when the inevitable incidents occur.
This kind of training, along with effective auditing and ongoing risk assessments, makes your defense not just schematic and conceptual but actionable and tested.
Chris Gibson recommends also embracing automation, putting into use frameworks like CVSS (Common Vulnerability Scoring System) and EPSS (Exploit Prediction Scoring System) to help prioritize vulnerabilities.
But as he stresses, automation also introduces its own vulnerabilities without effective oversight.
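One way CVSS/EPSS-driven triage with an oversight guard can look, as an added example that is not from the original article or from FIRST. The thresholds, field names and queue names are assumptions, and the sample findings use constructed placeholder identifiers.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed thresholds for illustration; tune them to your own risk appetite.
EPSS_URGENT = 0.10   # EPSS: estimated probability of exploitation in 30 days
CVSS_HIGH = 7.0      # CVSS base score treated as high severity


@dataclass
class Finding:
    cve: str                  # constructed placeholder ids, not real CVEs
    cvss: Optional[float]     # CVSS base score, 0.0-10.0
    epss: Optional[float]     # EPSS probability, 0.0-1.0
    internet_facing: bool = False


def triage(f: Finding) -> str:
    """Return a queue name: 'review', 'fix-first', 'scheduled' or 'backlog'."""
    # Oversight guard: missing or out-of-range scores go to a human,
    # never silently to the bottom of the list.
    if f.cvss is None or f.epss is None:
        return "review"
    if not (0.0 <= f.cvss <= 10.0 and 0.0 <= f.epss <= 1.0):
        return "review"
    likely = f.epss >= EPSS_URGENT
    severe = f.cvss >= CVSS_HIGH
    if likely and (severe or f.internet_facing):
        return "fix-first"
    if likely or severe:
        return "scheduled"
    return "backlog"


def prioritize(findings):
    """Sort by queue, then by EPSS and CVSS (both descending)."""
    order = {"review": 0, "fix-first": 1, "scheduled": 2, "backlog": 3}
    def key(f):
        return order[triage(f)], -(f.epss or 0.0), -(f.cvss or 0.0)
    return sorted(findings, key=key)


# Constructed sample data.
SAMPLE = [
    Finding("CVE-0000-0001", cvss=9.8, epss=0.02),
    Finding("CVE-0000-0002", cvss=6.5, epss=0.45, internet_facing=True),
    Finding("CVE-0000-0003", cvss=8.1, epss=0.30),
    Finding("CVE-0000-0004", cvss=4.3, epss=0.01),
    Finding("CVE-0000-0005", cvss=7.5, epss=None),
]
```

In the sample, the CVSS 9.8 finding with a low EPSS lands behind the exposed CVSS 6.5 finding that is likely to be exploited, and the finding with no EPSS score is routed to a person rather than ranked automatically.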
Bridging communication gaps begins at home, helping you maintain visibility across the entire organization.
Cross-Organization Cybersecurity
Threat intelligence sharing across businesses and government agencies may be the only way to keep up with the pace of change.
And according to ESET president Brent McCarty, 80% of US critical infrastructure, from defense to telecom to transportation, is privately owned but government regulated.
CISA’s Joint Cyber Defense Collaborative (JCDC) aims to bridge the public-private gap directly, and its partners include Google, Microsoft, AT&T, and CrowdStrike. You can consult their resources directly for prior AI exercises, high-risk resources, and security updates on vulnerabilities (such as the kind detailed above).
Third-party partnerships among businesses are essential in today’s tech landscape, but they can also be a security challenge due to a lack of visibility.
The international nonprofit FIRST is one organization geared around peer-to-peer networks across borders to encourage real-time cyber threat information sharing, as well as coordinated communication with law enforcement and sector-specific networks.
The Malware Information Sharing Platform (MISP) is an example of an open-source platform for threat intelligence that can be run on-prem or in the cloud, and a number of organizations (including FIRST) maintain MISP instances to facilitate this kind of sharing across organizations.
This furthers the sharing of intelligence, providing increased knowledge and support around emerging threats.
Roles to Bolster Your Cybersecurity Readiness and Collaboration
Cloud misconfigurations are one common vulnerability for companies across sectors that can be resolved with care and expertise. (We detailed several examples in our cybersecurity news roundup from April and May 2025.)
Having an effective defense requires cybersecurity collaboration, yes, but it also requires the right experience and knowledge.
PTP has nearly three decades of experience providing quality tech talent and is a partner you can count on for high-quality vetting and a wide variety of options to get you the talent you need.
We offer on- and off-site assistance and can accommodate onshore, nearshore, and offshore options for the best cybersecurity talent pool to fit with your culture and skill needs.
We can help you fill roles in this area, like building out your own computer security incident response team (CSIRT) with incident managers and staff for cross-functional drills and response plans.
Threat intelligence leads and analysts can help you build and maintain internal intelligence as well as establish the kinds of partnerships discussed here.
Vulnerability and Exposure Management professionals can provide EPSS triage, vulnerability detection, and ensure prompt and effective patching and updating of your systems.
And Automation Engineers help you bring automation into practice safely, with oversight and effective rollback capacities in place from the start.
Conclusion
Too many companies only discover threats and their own vulnerabilities to them after they’ve been hit.
And in many cases (like the US federal judiciary breach we opened with), these incidents get repeated when organizations never fully address the root problem.
With hackers tapping into their own networks for intelligence, tools, tips, and services, cybersecurity in 2025 requires the same level of collaboration—both internally and externally.
Unified teams can provide better protection, detection, containment, and remediation. They can also save other organizations, and the critical infrastructure we all rely on, from suffering the same damage.
References
2025 Data Breach Investigations Report, Verizon
M-Trends 2025 Report, Mandiant/Google Cloud Security
The First Federal Cybersecurity Disaster of Trump 2.0 Has Arrived, Wired
Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption, Trend Micro
Enhancing Collaboration: Incident Response Teams and Law Enforcement, Infosecurity Magazine
Chris Gibson, FIRST: “why no organization can face cybersecurity alone”, Cybernews
Joint Cyber Defense Collaborative, CISA
The Unsung Hero Of Cybersecurity: Teamwork, Forbes
FAQs
What does collaboration in defense actually look like for a small or medium-sized company?
Specifically, it means internal collaboration, with effective training, cross-functional teams, regular (unannounced) tests, rehearsals of incident response, and measurement of response time metrics. It means creating a culture of security where everyone knows what to do and with whom to communicate when they suspect an incident may have occurred.
Across organizations, it can mean considering membership with an organization like FIRST or your own sector’s ISAC/ISAO, making use of tools like MISP for two-way sharing, and adopting exchange and “fix first” lists with critical vendors.
With government organizations, research and broach barriers now, before incidents happen, and know who your law enforcement point of contact is, with procedures understood and ready.
What are specific ways we can improve our own culture of defense internally?
Training and awareness are critical. There is arguably no easier way to improve your security and response than establishing a knowledgeable workforce with a strong culture of security. This involves putting lessons into practice with effective, unannounced tests, having incident response plans and points of contact accessible and understood, and auditing your readiness and response regularly. Ultimately everyone should know that cybersecurity is a part of their job, too.
Isn’t it risky to be sharing our own cyber information with other organizations?
It can be, if it’s not done properly, in the same way that automation can add vulnerabilities even as it greatly assists your defense, too.
But done properly (sharing technical threat details without customer data, through governed channels, and with established and clear rules on confidentiality in place), it is very much to your own benefit. It not only helps you see attacks sooner but also helps you resolve incidents faster, as you can draw on intelligence from across organizations and see what’s coming before it hits.
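A sketch of the "technical details without customer data" rule from the answer above, as an added example that is not from the original article. The field names, the allowlist policy and the sample record are assumptions constructed for illustration; the labels are those of FIRST's Traffic Light Protocol.

```python
import re

# Assumed policy: only these technical fields may leave the organization.
SHAREABLE_FIELDS = {"indicator_type", "indicator_value", "first_seen", "technique"}
# Confidentiality labels from FIRST's Traffic Light Protocol (TLP) 2.0.
TLP_LABELS = {"TLP:CLEAR", "TLP:GREEN", "TLP:AMBER", "TLP:AMBER+STRICT", "TLP:RED"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def prepare_for_sharing(record: dict, tlp: str, own_domains: set) -> dict:
    """Build an outbound record from an internal one, or raise ValueError."""
    if tlp not in TLP_LABELS:
        raise ValueError(f"unknown TLP label: {tlp}")
    # Allowlist, not blocklist: unknown fields (customer names, analyst
    # notes) are dropped by default.
    out = {k: v for k, v in record.items() if k in SHAREABLE_FIELDS}
    if "indicator_value" not in out:
        raise ValueError("nothing shareable in record")
    # Refuse to send addresses from our own or customers' domains that
    # ended up inside an otherwise shareable field.
    for key, value in out.items():
        for match in EMAIL_RE.findall(str(value)):
            domain = match.rsplit("@", 1)[1].rstrip(".").lower()
            if domain in own_domains:
                raise ValueError(f"internal address in field {key!r}")
    out["tlp"] = tlp
    return out


# Constructed internal incident record (all values are made up).
INTERNAL = {
    "indicator_type": "domain",
    "indicator_value": "login-portal.example.net",
    "first_seen": "2025-08-01",
    "technique": "phishing",
    "customer_name": "Acme Corp",
    "analyst_notes": "victim jane@corp.example clicked link",
}

if __name__ == "__main__":
    print(prepare_for_sharing(INTERNAL, "TLP:AMBER", {"corp.example"}))
```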